|
|
>> Apple Safari for Windows Code Execution and Cross Domain Scripting Vulnerabilities
|
Title : Apple Safari for Windows Code Execution and Cross Domain Scripting Vulnerabilities
VUPEN ID : VUPEN/ADV-2007-2192
CVE ID : CVE-2007-2391 - CVE-2007-3185 - CVE-2007-3186
Rated as : Critical 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-06-14
|
Multiple vulnerabilities have been identified in Apple Safari for Windows, which could be exploited by remote attackers to execute arbitrary commands and scripting code.
The first issue is caused by an input validation error when processing URLs, which could be exploited by remote attackers to inject arbitrary commands by tricking a user into visiting a malicious web site.
The second vulnerability is caused by an out-of-bounds memory read error when processing malformed data, which could be exploited by remote attackers to compromise a vulnerable system by tricking a user into visiting a malicious web site.
The third issue is caused by a race condition when processing certain JavaScript objects, which could be exploited by a malicious web site to bypass domain restrictions and read data from another domain.
Affected Products
Apple Safari version 3.0.0 Beta for Windows
Solution
Upgrade to Safari version 3.0.1 Public Beta for Windows :
http://www.apple.com/safari/download/
References
http://www.vupen.com/english/advisories/2007/2192
http://lists.apple.com/archives/security-announce/2007/Jun/msg00000.html
ChangeLog
2007-06-14 : Initial release
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
